ES settings error
By Garrett Luttman on Monday, 24 April 2017
Posted in General
Replies 5
Likes 0
Views 155
Votes 0
When i change any of the ES Settings (i.e. change login from quick to full) and click save, I'm redirected to the frontend 404 error page.
okay got with host and this rule was being triggered...

[Wed May 10 13:37:52 2017] [error] [client 166.137.139.81] ModSecurity: Access denied with code 403 (phase 2). Matched p hrase ".profile" at ARGS_NAMES:oauth.facebook.profile. [file "/var/cpanel/cwaf/rules/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"] [msg "COMODO WAF: OS File Access Attempt||mastershouse.org|F|2"] [data "Matched Data: .profile f ound within ARGS_NAMES:oauth.facebook.profile: oauth.facebook.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "mastershouse.org"] [uri "/administrator/index.php"] [unique_id "WRNP8MY2ci4AB3dDb@UAAAFL"]
Garrett Luttman
·
Thursday, 11 May 2017 02:02
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Garrett,

I tried to login to your site with the provided login credentials but I seem to be hitting this error, http://take.ms/k6lua . Can you please advise?
Mark
·
Monday, 24 April 2017 00:11
·
0 Likes
·
0 Votes
·
0 Comments
·
Sorry, it's corrected now, you can login
Garrett Luttman
·
Monday, 24 April 2017 00:21
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Garrett,

After several hours checking this, it seems like when the POST request is made, the web server is redirecting to the front end of your site and it doesn't seem to be going to Joomla's /administrator/index.php at all.

This actually leads me to believe that the web server is already redirecting the request before it even reaches Joomla. Could you try contacting your hosting provider and ask them if there are any mod_security or security module for apache that is installed which could be performing such redirection?
Mark
·
Monday, 24 April 2017 01:48
·
0 Likes
·
0 Votes
·
0 Comments
·
Ah I see. Thanks for updating me on this Garrett and glad that we are able to get down to the bottom of this. I see that the false positive happens when the "key", oauth.facebook.profile is being used.
Mark
·
Thursday, 11 May 2017 06:41
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post